On Saturday 06 August 2005 22:17, Sandy Drobic wrote:
David Huecking wrote:
Care to tell why you think this is appropriate in suse-security?

To my mind securing a network-application especially with a tool created by a guy who works/worked for SuSE should be ok in suse-security.

I start mlnet with a start-script which executes: /usr/sbin/compartment --chroot $CHROOT_PATH
I suggest you think about this option (^-^)
Ok, I know that the process is in a chroot-jail. But what would I have to put in the chroot-environment also?

- I started mlnet outside a chroot and did a lsof -P -T -p <mlnet-PID> and saw that some files from /lib were accessed (even though ldd showed a static binary...). I copied them into the chroot, added /etc/resolv.conf, /etc/hosts, /etc/nsswitch.conf and a tmp-directory.
- Didn't work. When I did a lsof -P -T -p <mlnet-PID> on the chrooted mlnet I didn't see access to files of /lib (not the one in the chroot, nor any other).

Hey, please don't make me look too stupid and have a suggestion for me! (-:

--
Eat, sleep and go running,
David Hücking.
Encrypted eMail welcome! GnuPG/PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216
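
One way to script the copy step described in the message above, as an added example that is not part of the original thread: it reads a saved `lsof -P -T -p <PID>` listing, copies the regular files under /lib and /etc into the jail at the same paths, and reports what the jail still lacks. The function names, the optional source-root argument and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, the optional source-root
# argument and the sample listing are assumptions made for illustration.

# Constructed sample in lsof's default column layout (not real output).
sample_listing() {
    cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mlnet   4242 p2p   txt    REG    3,2  5000000  100 /usr/bin/mlnet
mlnet   4242 p2p   mem    REG    3,2    40000  200 /lib/libnss_files.so.2
mlnet   4242 p2p   mem    REG    3,2    40000  201 /lib/libnss_dns.so.2
mlnet   4242 p2p    3r    REG    3,2       60  300 /etc/resolv.conf
mlnet   4242 p2p    4u   IPv4  12345      0t0  TCP *:4080 (LISTEN)
EOF
}

# Unique regular files (TYPE == REG) under /lib or /etc named in a listing.
lsof_jail_paths() {
    awk '$5 == "REG" && $NF ~ /^\/(lib|etc)\// { print $NF }' "$1" | sort -u
}

# Copy those files into the jail, keeping their paths; report what is absent.
# $1 = listing, $2 = jail directory, $3 = source root (default: real /).
populate_jail() {
    lsof_jail_paths "$1" | while IFS= read -r p; do
        if [ ! -f "${3:-}$p" ]; then
            echo "not on source system: $p" >&2
            continue
        fi
        mkdir -p "$2$(dirname "$p")"
        cp -p "${3:-}$p" "$2$p"
    done
}

# Print files from the listing that the jail still lacks.
jail_missing() {
    lsof_jail_paths "$1" | while IFS= read -r p; do
        [ -f "$2$p" ] || echo "$p"
    done
}

# Usage: sh populate_jail.sh LISTING JAIL
if [ "$#" -eq 2 ]; then
    populate_jail "$1" "$2"
    jail_missing "$1" "$2"
fi
```

A statically linked glibc program can still load NSS modules such as libnss_files and libnss_dns from /lib at its first name lookup, so the listing is best captured after the unchrooted program has resolved a host name.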